Fix: Sanitize and bind Media import (#11788)

centreon · Sep 22, 2022 · c22ab19 · c22ab19
1 parent 8da2e2a
commit c22ab19
Showing 1 changed file with 5 additions and 7 deletions.
diff --git a/www/class/centreonMedia.class.php b/www/class/centreonMedia.class.php
@@ -410,14 +410,12 @@ public function addImage($parameters, $binary = null)
             $imageId = $row['img_id'];
 
             // Insert relation between directory and image
-            $query = 'INSERT INTO view_img_dir_relation '
-                . '(dir_dir_parent_id, img_img_id) '
-                . 'VALUES ('
-                . $directoryId . ', '
-                . $imageId . ' '
-                . ') ';
+            $statement = $this->db->prepare("INSERT INTO view_img_dir_relation (dir_dir_parent_id, img_img_id) " .
+                "VALUES (:dirId, :imgId) ");
+            $statement->bindValue(':dirId', (int) $directoryId, \PDO::PARAM_INT);
+            $statement->bindValue(':imgId', (int) $imageId, \PDO::PARAM_INT);
             try {
-                $this->db->query($query);
+                $statement->execute();
             } catch (\PDOException $e) {
                 throw new \Exception('Error while inserting relation between' . $imageName . ' and ' . $directoryName);
             }